Patients at an Ohio rehab hospital were notified of breach. Was that breach part of a coordinated attack on Ernest Health hospitals?

Lauren Lindstrom reports:

An undisclosed number of patients at the Rehabilitation Hospital of Northwest Ohio had their personal data compromised after “unauthorized access” to employee email accounts in October, hospital officials said.

Patient data, including names, Social Security numbers, driver’s license information, dates of birth, and health insurance and patient care information, was contained in the compromised emails. Patients were notified of the breach in a letter sent earlier this week.

Read more on Toledo Blade.

The Toledo Blade reporting raised an eyebrow here because it was the second Ernest Health hospital in a week or so to report that they had an email breach back in October 2018.

The first one was  a report concerning Weslaco Regional Rehabilitation Hospital in Texas.

DataBreaches.net reached out to Ernest Health to inquire as to whether their other hospitals were also successfully attacked back in October, but has gotten no response from the health system to multiple requests over the past 48 hours.

So is there more to this story and other shoes that will drop? I don’t know but two hospitals hit in October, 2018 suggests to me that other hospitals in their system may also have been targeted for attack. But were they attacked successfully?  DataBreaches.net doesn’t know but will update this post if Ernest Health responds to the inquiries or other information becomes available.

About the author: Dissent